Screen OS

hi all,

I got a question that would like to get help from here. This is related to ISG1000 HA configuration.

----------------                                      ---------------

|Core switch|                                     |Core switch|

----------------                                       ----------------

        |                                                        | 

        |192.168.1.3(active path)                 |192.168.1.4(passive path, when active path is down this passive will up)

        |                                                        |

----------------                                       ----------------

L2 switch                                             L2 switch

----------------                                        -----------------

        |                                                        |

        |                                                        |  

---------------                                          ---------------

FW 1(M)    |   <-------HA----------->     |  FW 2  (B) |

----------------                                         ----------------

above my setup.

1.) i use the NSRP track ip to health check the "192.168.1.3". if the "192.168.1.3" is not reachable then i will failover from FW1 to FW2.

2.) i deploy the same config at FW 2 just the IP tracking is 192.169.1.4. if the "192.168.1.4" is not reacheable when FW2 is act as Master

My main problem is there is a possibilty when "192.168.1.3" path first down and FW1 become Backup and FW2 is Master. There is a chance that "192.168.1.3" path is fix and restore. the "192.168.1.4" path will become passive again and will not forward any traffic. when this situation happen, FW2 is still Master and it dunno how to switch back to FW1 because FW2 still able to reach 192.168.1.4 ... that so FW2 cant meet the failover criteria ....

Any one know how to solve this situation ?

All suggestion is welcome.

Thanks in advance

Thank you

Meng Kiat

hi

could you set on the Master :

set nsrp vsd-group master-always-exist

and enable  "Enable Preempt" 

please could you do that and let us know 

please could you send us 

> get nsrp

thanks  

hi

Also i think this link will help you 

When to use the NSRP commands: preempt, master-always-exist, and ha-link probe

http://kb.juniper.net/index?page=content&id=KB14156&cat=HA_REDUNDANCY&actp=LIST

thnks 

Hi Mehdi,

thanks for the suggestion for my question. i will try it tomorrow and let you know wheter the way is working or not ...

thank you

hi Mehdi,

thanks for the advice. its working fine now ...

Just 1 situation to share with you, the core switch that i using is foundry switch. when the failover process too frequent ( 3 times --> failover to FW 2 and FW 1 act as master again when link is restore, repeat for 3 times) the core switch will some how confius with the ARP entry... i must clear the ARP entry at core switch then will only work fine  ...

Still figuring how to address the issue above ...

 Any idea from you ?

Thank you

Meng Kiat